Bleeping Computer

GitHub accounts stolen in ongoing phishing attacks

GitHub users are currently being targeted by a phishing campaign specifically designed to collect and steal their credentials via landing pages mimicking GitHub's login page. Besides taking over their ...
PC World

GitHub bans weak passwords after brute-force attack results in compromised accounts

Popular source code repository service GitHub has recently been hit by a brute-force password-guessing attack that successfully compromised some accounts. “We sent an email to users with compromised ...
Ars Technica

GitHub abused to distribute payloads on behalf of malware-as-a-service

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to ...
CSOonline

GitHub accounts targeted with fake security alerts

In a new phishing campaign, GitHub developers are being targeted with fake “Security Alerts” where they are prompted to authorize a malicious OAuth application. Successful execution of the Click-fix ...